What do you use for CAS auditing?


Robert Bond

Mar 26, 2019, 11:02:40 AM
to CAS Community
What is everyone using for CAS auditing?

Mongo, Redis, Postgres, MySQL, or other?

I am working on a new deployment for CAS and trying to see what auditing repository everyone is using.

Previously I used Mongo, but I am leaning toward a relational DB for ease of reporting.

Look forward to your responses. 

magicserverpixiedust

Mar 26, 2019, 12:20:09 PM
to CAS Community
Using Elasticsearch for CAS auditing here. A Filebeat agent tails the CAS audit logs and sends them to Logstash for parsing/field mappings, then off to Elasticsearch. Kibana web front end for pretty dashboards/reports. We have about 15 months' worth of CAS audit logs from 30k users in our Elasticsearch cluster, cool stuff.

Matthew Uribe

Mar 26, 2019, 12:32:07 PM
to CAS Community
We already had LogRhythm running, so it made sense to send logs over to that. I'm using syslog to get them over there.
I don't manage LogRhythm, but from what I understand, they just had to set up a template on their end to parse the CAS logs.

Drew Liscomb

Mar 27, 2019, 11:24:22 AM
to CAS Community
Similarly, we send CAS audit logs to Sumo Logic, but that's only saved for 60? days.
We have a separate audit log (created by a separate application) in a store backed by an RDB.  However, our user base is considerably smaller.  The size of the audit table is becoming an issue, so we'll likely address that ~real soon~.

Drew

William Vincent (Wix31)

Sep 26, 2023, 3:44:53 AM
to CAS Community, magicserverpixiedust
Hello,

Is it possible to have the Logstash Grok patterns on a GitHub repository? This way, we can avoid reinventing the wheel.

Thank you in advance.